Marco Fioretti:
> right, sorry. Here is the logs of a new message sent just now, with the
> configuration showed in my previous email:
>
> postfix/smtp[20851]: certificate verification failed for
> mx.example.com[xx.xx.xx.xx.]:587:
> self-signed certificate
> postfix/smtp[20851]: warning: SASL authentication failure: No worthy mechs
> found
Could it be that the SENDING machine lacks the SASL
plugins needed for LOGIN and PLAIN? Try:
# yum install cyrus-sasl{,-plain}
(or its equivalent for non-RedHat platforms).
Wietse
> postfix/smtp[20851]: 59D5BA4E835: to=<marco.fiore...@gmail.com>, relay=
> mx.example.com[xx.xx.xx.xx.]:587, delay=0.3, delays=0.18/0.02/0.1/0,
> dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate
> to server mx.example.com[xx.xx.xx.xx.]: no mechanism available)
> postfix/smtpd[20844]: disconnect from localhost[127.0.0.1]
>
>
> 2015-02-24 19:28 GMT+01:00 Wietse Venema <wie...@porcupine.org>:
>
> > Marco Fioretti:
> > > here is postconf -n output:
> >
> > And the logging for this? You have changed settings.
> >
> > Wietse
> >
> > > alias_database = hash:/etc/aliases
> > > alias_maps = hash:/etc/aliases
> > > command_directory = /usr/sbin
> > > config_directory = /etc/postfix
> > > daemon_directory = /usr/libexec/postfix
> > > debug_peer_level = 2
> > > disable_vrfy_command = yes
> > > html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
> > > inet_interfaces = all
> > > mail_owner = postfix
> > > mailq_path = /usr/bin/mailq.postfix
> > > manpage_directory = /usr/share/man
> > > mydestination = $myhostname, localhost
> > > mydomain = $myhostname
> > > myhostname = a.mx.my.main.domain
> > > mynetworks = 127.0.0.0/8, xx.xx.xx.xx
> > > myorigin = $mydomain
> > > newaliases_path = /usr/bin/newaliases.postfix
> > > non_smtpd_milters = inet:localhost:8891
> > > queue_directory = /var/spool/postfix
> > > readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
> > > relay_domains =
> > > sample_directory = /etc/postfix
> > > sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
> > > sendmail_path = /usr/sbin/sendmail.postfix
> > > setgid_group = postdrop
> > > smtp_sasl_auth_enable = yes
> > > smtp_sasl_mechanism_filter =
> > > smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
> > > smtp_sasl_security_options = noanonymous
> > > smtp_sasl_tls_security_options = noanonymous
> > > smtp_sasl_type = cyrus
> > > smtp_sender_dependent_authentication = yes
> > > smtp_tls_security_level = may
> > > smtpd_helo_required = yes
> > > smtpd_helo_restrictions =
> > > smtpd_milters = inet:localhost:8891
> > > smtpd_recipient_restrictions = reject_invalid_hostname,
> > > reject_non_fqdn_hostname, reject_non_fqdn_sender,
> > > reject_non_fqdn_recipient, reject_unknown_sender_domain,
> > > reject_unknown_recipient_domain,
> > > permit_mynetworks,
> > > permit_sasl_authenticated,
> > > reject_unauth_destination,
> > check_helo_access
> > > hash:/etc/postfix/reject_own_helo,
> > > check_policy_service unix:postgrey/socket
> > > smtpd_sasl_auth_enable = yes
> > > smtpd_sasl_path = /var/spool/postfix/private/auth
> > > smtpd_sasl_type = dovecot
> > > smtpd_tls_auth_only = yes
> > > smtpd_tls_cert_file = /etc/myssl/mycert.pem
> > > smtpd_tls_key_file = /etc/myssl/mycert.pem
> > > smtpd_tls_loglevel = 1
> > > smtpd_tls_security_level = may
> > > strict_rfc821_envelopes = yes
> > > unknown_address_reject_code = 554
> > > unknown_client_reject_code = 554
> > > unknown_hostname_reject_code = 554
> > > unknown_local_recipient_reject_code = 550
> > > virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
> > > virtual_gid_maps = static:5000
> > > virtual_mailbox_base = /var/mail/mymail_storage
> > > virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
> > > virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
> > > virtual_transport = procmail
> > > virtual_uid_maps = static:5000
> > >
> > >
> > > 2015-02-24 19:18 GMT+01:00 Wietse Venema <wie...@porcupine.org>:
> > >
> > > > Marco Fioretti:
> > > > > Playing with several combination of the parameters suggested by
> > Wietse
> > > > > doesn't seem to make any difference. Below is the last combination
> > that I
> > > > > have tried. the lines starting with # were part of the previous
> > line, but
> > > > > the result is always an error message in the logs identical to the
> > one
> > > > > already posted, with the obvious exception of timestamps and msgids
> > > > >
> > > > > :-(
> > > > >
> > > > > smtp_sasl_auth_enable = yes
> > > > > smtp_sasl_mechanism_filter =
> > > > > #plain,login
> > > >
> > > > Please send "postconf -n" command output.
> > > >
> > > > Wietse
> > > >
> >
